Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Tushar Verma 🇮🇳 Profile picture
Tushar Verma 🇮🇳
@e11i0t_4lders0n
Offensive Security Consultant at NST-Cyber | @SynackRedTeam Member | Public Speaker | Open for Freelance Engagements
Durja Profile picture Kommoju Jagadeesh Profile picture 3 subscribed
Jun 12, 2022 9 tweets 4 min read
Bug Bounty Free Learning Materials

Follow this thread if you can’t google and learn things😅

#bugbounty #bugbountytip #bugbountytips This thread will be from basics to advance and you just need to start learning from it 🙂
Jun 11, 2022 7 tweets 2 min read
AWS Identity and Access Management (IAM)

Thread🧵

#aws #AWS #DevOpsCommunity AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated and authorized to use resources.
May 8, 2022 6 tweets 2 min read
Facing problem in making your own recon methodology

Follow this thread 🧵

#bugbounty #bugbountytip #bugbountytips 1: The Bug Hunter's Methodology v4.0 - Recon Edition
May 8, 2022 9 tweets 2 min read
SQLi Manual Approach

Thread 🧵

#bugbounty #bugbountytip #bugbountytips First thing to test for an SQL injection is to try to break the query,with the intention of getting the syntax of how SQL is getting input at the backend.This technique works in UNION/Error based SQL Injections,where we force the backend database to throw an error.
Mar 16, 2022 7 tweets 2 min read
GitHub Recon for Bug Bounty

A thread 🧵

#bugbounty #bugbountytip #bugbountytips What is Github Recon??

Finding out essential information using several features offered by GitHub
Mar 7, 2022 4 tweets 3 min read
Big Problem faced by many bug bounty hunter

1-Company is not replying to your reports/findings
2-Company is closing your report without giving suitable reasons

How to minimise this???

Follow this thread 🧵

#bugbounty #bugbountytip #bugbountytips First and easy solution use any bug bounty platform like @Bugcrowd, @Hacker0x01, @yeswehack, @intigriti etc etc because atleast you will get response in a fixed time. But many have there own bug bounty program and not hosted on these platforms.
Mar 6, 2022 16 tweets 10 min read
How to start Bug Bounty Hunting

Follow this thread 🧵

Note:I m assuming that you have cleared your basics

#bugbounty #bugbountytip #bugbountytips Start with learning how to use Burpsuite basics, there are many tutorials available on internet which you can refer. Why it is important?because it is important 🤪

Now you can start @PortSwigger Academy. They have a learning path you can follow that or you can follow owasp list
Dec 3, 2021 12 tweets 4 min read
Cloud Metadata Dictionary useful for SSRF Testing

## IPv6 Tests

http://[::ffff:169.254.169.254]

http://[0:0:0:0:0:ffff:169.254.169.254]

#bugbountytips #bugbounty #bugbountytip ## AWS

# Amazon Web Services (No Header Required)

# from docs.aws.amazon.com/AWSEC2/latest/…

http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy

http://169.254.169.254/latest/user-data

http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
Nov 9, 2021 14 tweets 2 min read
AWS Security Testing Checklist

=Identity and Access Management

1-Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
2-Ensure credentials unused for 90 days or greater are disabled 3-Ensure access keys are rotated every 90 days or less
4-Ensure IAM password policy requires at least one uppercase letter
5-Ensure IAM password policy requires at least one lowercase letter
6-Ensure IAM password policy requires at least one symbol
Nov 5, 2021 5 tweets 1 min read
If an LFI vulnerability exists, look for these files:

1-Linux system and user files:
/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname
/home/user/
/home/user/.ssh
/home/user/bash_history

#bugbounty #bugbountytip #bugbountytips 2-Log files:
/var/log/apache/access.log
/var/log/apache2/access.log
/var/log/httpd/access_log
/var/log/apache/error.log
/var/log/apache2/error.log
/var/log/httpd/error_log
Nov 5, 2021 7 tweets 1 min read
DevSecOps Automation

1-Static Application Security Testing (SAST)
-SonarQube
-CxSAST (Checkmarx)
-Fortify
-Veracode Static Analysis (Veracode) 2-Software composition analysis (SCA)
-Blackduck
-WhiteSource
-Snyk
-Threatwatch
-CAST Highlight
-Dependency-Track
-Veracode Software Composition Analysis
-Whitehat Sentinel SCA Essentials
Nov 4, 2021 4 tweets 1 min read
AWS Security Best Practices

1-Identify Security Requirements
-Define and Categorize Assets in AWS
-Create Classifications for Data and Applications 2-Deploy Solutions Designed to Solve Cloud Security Challenges
-Manage Cloud Access: Limiting
-Use Cloud-Native Security Solutions
-Protect All Your Perimeters and Segment Everything
-Maintain a Consistent Security Posture Throughout AWS Deployments
Sep 28, 2021 13 tweets 3 min read
File Upload Restriction Bypass Checklist

1-Try various file extensions-Try different versions of the file extensions, for example php3, .php4, .php5, phtml for PHP scripts, asp,aspx

#bugbounty #bugbountytip #bugbountytips 2-Append an extra file extension-If the application is not properly validating for the file extension, this can be exploited by appending another extension, for example from script.php to script.php.gif or script.gif.php